A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization’s vulnerability management strategy.
In this article, you will find a list of some web hosting and cloud hosting providers who have a bug bounty program or a responsible disclosure policy.
What is a vulnerability disclosure program?
A vulnerability disclosure program (VDP) offers guidance for how an organization would like to be notified about potential security vulnerabilities found by external third parties and how vulnerabilities are disclosed. Often called the “see something, say something” of the Internet, this public-facing program is an industry best practice. The VDP outlines how external third parties can report potential security vulnerabilities to IBM so they can be safely resolved. (Source)
What Does Responsible Disclosure Mean?
In computer security or elsewhere, responsible disclosure is a vulnerability disclosure model in which a vulnerability or an issue is disclosed only after a period of time that allows for the vulnerability or issue to be patched or mended.
Amazon AWS Vulnerability Reporting
Amazon Web Services takes security very seriously, and investigates all reported vulnerabilities. This page describes our practice for addressing potential vulnerabilities in any aspect of our cloud services.
Google Vulnerability Reward Program (VRP) Rules
We have long enjoyed a close relationship with the security research community. To honor all the cutting-edge external contributions that help us keep our users safe, we maintain a Vulnerability Reward Program for Google-owned web properties, running continuously since November 2010.
OVH Bug Bounty - Help us reinforce our security!
The program for reporting bugs on OVH infrastructures is accessible to all at bountyfactory.io. The objective: to continually improve the security of the services offered by the European cloud leader.
Presented on July 2 during the 14th edition of Nuit du Hack (one of the oldest French underground hacking events), held in Paris, France, OVH Bug Bounty allows anyone interested in computer security to report potential vulnerabilities found within the scope of the API and the Customer Control Panel. Tested internally, this program is now accessible on the bountyfactory.io platform. The principle is simple: all reported bugs are examined by the security team and, if required, corrective action is taken, then a reward is issued.
“To attract the best to the OVH Bug Bounty program, rewards can reach up to 10,000 euros. Each report linked to a proven bug will result in a reward, monetary in most cases and sometimes in the form of ‘goodies’ or vouchers for bugs that are not within the scope of the program.”
DigitalOcean Bug Bounty Program
In Spring of 2017, DigitalOcean transitioned from a private bug bounty program to a public bounty program on Bugcrowd. There were many drivers behind this decision, including getting more researcher engagement with our products, leveraging the pre-existing researchers that exist in the Bugcrowd ecosystem, and creating a scalable solution for the DO security team to manage. Although researchers were actively engaged in our original private bug bounty program, we immediately began to see quality vulnerabilities reported once we made the switch. Our old bug bounty program consisted of manual verification and a reward of Droplet credit and/or DO swag. While this worked when we were a much smaller company, the need to level up our bug bounty program has grown as we’ve scaled.
Vultr Bug Bounty Program
The Vultr.com websites my.vultr.com, www.vultr.com, and api.vultr.com are all within scope. The accepted categories include injection attacks, authentication or authorization flaws, cross-site scripting, sensitive data exposure, privilege escalation, and other security issues.
Microsoft Azure - Extending Microsoft Online Services Bug Bounty Program to Azure
The security of the Azure cloud platform is paramount to Microsoft and we recognize the trust that customers place in us when hosting applications and storing data in Azure. Today, we are announcing the addition of Azure to the Microsoft Online Services Bug Bounty Program.
Alibaba Cloud Vulnerability Rewards Program
If you believe you have found any security (technical) vulnerability in the products or services of Alibaba Group, you are welcome to submit a vulnerability report on our platform.
Hostinger Bug Rewards Program
Hostinger encourages the responsible disclosure of security vulnerabilities in our services or on our website. In order to facilitate the responsible disclosure of security vulnerabilities, we agree that if, in our sole discretion, we conclude that a disclosure meets all of the guidelines of the Hostinger Bug Rewards Program, Hostinger will not bring any private or criminal legal action against the disclosing party.
PlanetHoster Bug Bounty Program
SAN FRANCISCO, Sept. 19, 2018 (GLOBE NEWSWIRE) – Bugcrowd, the leader in crowdsourced security, today announced PlanetHoster has taken its bug bounty program public on the Crowdcontrol™ platform. The company, which has been running a private bug bounty program for the last year, is offering rewards up to $2,500 for vulnerabilities identified by Bugcrowd's global Crowd of trusted researchers. The program helps bolster security for PlanetHoster, which provides premium web hosting for more than 100,000 customers in North America and Europe.
Porkbun Bug Bounty Program
Porkbun wants to stamp out any bugs we haven’t yet found, and we need the help of the security community to do it. If you find a security vulnerability on Porkbun, we want to hear about it, ASAP. BE PATIENT: We will assess and process your submission as quickly as possible. Depending on the nature of the vulnerability and available development time it may take up to 30 days for us to fix it and make payment to you.
SiteGround Responsible Disclosure Policy
The security of users’ data is always our top priority. If you have discovered a security vulnerability anywhere in our services, we greatly appreciate your cooperation in disclosing it to us in a responsible manner, following the guidelines set out in this Policy.
We commit to acknowledge, validate, and fix vulnerabilities in the timeliest manner possible. We will not take legal action against or suspend access to our services for any party that has responsibly disclosed vulnerabilities discovered.
We would like to give proper credit to the people who help us improve our services and protect the SiteGround community. If you discover a valid significant vulnerability and report it in accordance with this Policy, we will add your name to our Honor Roll. If you wish to keep your disclosure confidential, just let us know and we would never reveal your identity. In case the same vulnerability is reported by several parties before it is fixed, the acknowledgment will go to the first one to report the issue.
Rackspace Security Vulnerability Reporting
We’ve designed our infrastructure and services for security, to protect our customers and their data. But if you discover a security vulnerability with any of our products, control panels, or other infrastructure, we want to know.
Know Other Web Hosting Providers’ Bounty Programs?
Please contact us via this form if you know of another web or cloud hosting company that has a bounty program. We really appreciate your collaboration.
Some Other Web Hosting Related Providers Bounty Programs
- WHMCS Security Bounty Program: Our Security Bounty Program is our way to reward security researchers for finding and reporting security vulnerabilities to us.
[On Hold] GoDaddy bug bounty program
The GoDaddy bug bounty program is currently on hold.
Thank you to all the researchers who participated in the GoDaddy Bug Bounty Program. At this time, we are suspending new submissions as we work on improving our program. Anything currently in the queue will be completed. We’ll be inviting all participants back as soon as we launch our new program. Your contributions have been invaluable and we look forward to working with you again in the future.
Other Lists of Bug Bounty Programs